DES-7200 Configuration Guide Chapter 8 DoS Protection Configuration
8.2.3 Configuring Ingress Filtering to Defend Against DoS Attack
8.2.3.1 Default configuration
By default, ingress filtering for defending against DoS attacks is disabled on all
network interfaces.
8.2.3.2 Precautions
Only layer-3 interfaces that have a network address configured support ingress
filtering for defending against DoS attacks.
When ingress filtering for defending against DoS attacks is enabled on a designated
layer-3 interface, the system automatically creates a corresponding ACL for that
interface to block packets with a disguised (spoofed) source IP address, and applies
the ACL to the ingress of the layer-3 interface.
For example, the network address on SVI 1 is 192.168.5.1/24. If “ip deny
spoofing-source” is configured in interface configuration mode, the following ACL
is generated automatically and applied to this interface:
permit 192.168.5.0 0.0.0.255
permit host 0.0.0.0 (This ACE permits DHCP requests whose source address is 0.0.0.0)
deny any
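
The derivation above, as an added example (not code from the guide or the switch firmware): it builds the same three ACEs from an interface address and checks source addresses against them. The function names are hypothetical, first-match evaluation is assumed, and the sample source addresses are constructed.

```python
import ipaddress

def build_ingress_acl(interface_addr):
    """Build the ACEs the guide lists for an interface address like 192.168.5.1/24."""
    net = ipaddress.ip_interface(interface_addr).network
    return [
        ("permit", net),                                 # connected subnet
        ("permit", ipaddress.ip_network("0.0.0.0/32")),  # DHCP requests from 0.0.0.0
        ("deny", ipaddress.ip_network("0.0.0.0/0")),     # deny any
    ]

def render(acl):
    """Render ACEs in the address/wildcard notation used on the page."""
    lines = []
    for action, net in acl:
        if net.prefixlen == 0:
            lines.append(f"{action} any")
        elif net.prefixlen == 32:
            lines.append(f"{action} host {net.network_address}")
        else:
            lines.append(f"{action} {net.network_address} {net.hostmask}")
    return lines

def evaluate(acl, src):
    """Return the action of the first ACE matching the source address (assumed first-match)."""
    addr = ipaddress.ip_address(src)
    for action, net in acl:
        if addr in net:
            return action
    return "deny"

if __name__ == "__main__":
    acl = build_ingress_acl("192.168.5.1/24")
    print("\n".join(render(acl)))
    # Constructed sample source addresses, not taken from the guide.
    for src in ["192.168.5.77", "0.0.0.0", "10.1.1.1", "192.168.6.5"]:
        print(f"{src:15} -> {evaluate(acl, src)}")
```

Any source address inside 192.168.5.0/24 matches the first ACE, so this ACL filters only sources outside the connected subnet.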